IT Forensics on Hacked Chinese Server

By A Pavic & ZM Peterson • Feb 19, 2019

While working with a large e-commerce client on a China-based project, we realized their server had been hacked. After gaining unauthorized access, the intruder created cron jobs to restart the server. The goal was to reboot the server so that it would run their malicious code. We think this was a typical takeover attempt, in which the server is used as a DDoS zombie or as part of a zombie crypto-miner network.

So how does someone go about investigating this? Read more from Aleksandar Pavic's article on LinkedIn. He nicely breaks down how to quickly locate the attacker. Security upgrades are in progress.
